Page 1 of 1

Detecting Quishing

Posted: 15 Sep 2023 19:25
by amaclach
Here's a tricky one...
Does anyone know of a plugin or method for detecting QR codes in emails and if they are malicious or not (i guess the URL needs to be extracted and checked against the known phish/scam sites).
There is software that can read the QRcodes like zbarimg (in zbar-tools package in Debian)

Code: Select all

user@host:~$ zbarimg -q frame.png
OK - Great - Let's see if we can clean the output up:

Code: Select all

user@host:~$ zbarimg -q frame.png|sed 's/QR-Code://g'
now checking the URL against the blacklists should be relatively easy...
I have no idea what I'm doing with perl etc - does anyone fancy making a spamassassin pm to do this?